Qilai Shen/Bloomberg/Getty Images
ICBC is one of China’s “big four” state-owned lenders.
Editor’s Note: Sign up for CNN’s Meanwhile in China newsletter, which explores what you need to know about the country’s rise and its impact on the world.
A US unit of the Industrial and Commercial Bank of China (ICBC) was hit this week by a ransomware attack that disrupted some of its systems, apparently affecting liquidity in US Treasuries, which may have contributed to a brief massive market sell-off on Thursday.
ICBC Financial Services, headquartered in New York, said in a statement that the attack, which occurred Wednesday, had been reported to law enforcement. The company was investigating the incident and trying to recover from the cyberattack.
“We have successfully offset the U.S. Treasury trades executed on Wednesday…and the funding trades (repurchase agreements) executed on Thursday,” the statement said.
Ransomware attacks are a form of cyber extortion. The perpetrator locks the victim’s data or networks and demands payment to unlock access.
Systems at ICBC’s Beijing headquarters and other domestic and foreign units were not affected by the incident, nor was ICBC’s New York branch, the unit said.
The state-owned ICBC is the largest of China’s “big four” banks and the world’s largest lender by assets, according to S&P Global. On Friday, China’s Foreign Ministry said the bank was paying close attention to the incident.
It “completed emergency management and supervision with the aim of minimizing risk impact and losses,” ministry spokesperson Wang Wenbin told reporters at a regular press briefing.
Global financial regulators are weighing the consequences.
“We are aware of the issue of cybersecurity and are in regular contact with the main players in the financial sector, in addition to federal regulators. We continue to monitor the situation,” a Treasury spokesperson said.
The U.S. Securities and Exchange Commission is also aware of the incident and “continues to monitor the matter with a focus on maintaining fair and orderly markets,” an agency spokesperson said. .
A spokesperson for the UK’s Financial Conduct Authority said it was “communicating with relevant US and UK authorities and businesses to identify any impacts on UK financial services”.
The Financial Times and Reuters cited some market participants as saying that transactions going through ICBC had been disrupted, affecting market liquidity. It is unclear whether the incident contributed to weak 30-year bond auctions. by the US Treasury on Thursday.
There was a “strong sell-off” in Treasuries after the auction, Swissquote Bank senior analyst Ipek Ozkardeskaya wrote in a note to investors Friday, saying yields rose on a range of different bonds .
The S&P 500, Dow Jones and Nasdaq all closed lower on Thursday.
“Of course, the sudden rise in US yields hit appetite for US stocks yesterday,” she said. “The US bond auctions brought a lot of volatility, questions and uncertainties.”
Peter Cardillo, chief market economist at Spartan Capital Securities, says the ransomware attack could have contributed to the auction’s poor performance over 30 years. The attack could have impacted the bank’s ability to clear transactions or lead to reroutings and, therefore, impact the liquidity of the Treasury market or the ability to quickly trade an asset.
China is a major player in the Treasury bond market. According to the most recent data from the US Treasury Department, China held $805.4 billion in Treasury securities as of August. It is the second largest foreign holder of U.S. Treasuries after Japan.
Globally, ransomware attacks have disrupted business operations and major public services. The issue has become a national security and economic concern for President Joe Biden’s administration.
CNN’s Olesya Dmitracova, Matt Egan, Wayne Chang, Krystal Hur and Reuters contributed to this report.